Platform and method for establishing provable identities while maintaining privacy

US 7,516,330 B2
Filed: 11/29/2005
Issued: 04/07/2009
Est. Priority Date: 06/28/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

producing a pseudonym including a public pseudonym key within a first platform;

placing the public pseudonym key into a certificate template;

performing a hash operation on the certificate template to produce a certificate hash value;

performing a transformation on the certificate hash value to create a blinded certificate hash value, the performing of the transformation includes performing a logical operation on the certificate hash value using a pseudo-random number to produce a value differing from the certificate hash value, the pseudo-random number being a predetermined value raised to a pseudo-randomly selected power;

creating a certificate request including the blinded certificate hash value;

digitally signing the certification request with a private key of the first platform to produce a signed certification request;

transferring the signed certificate request with a device certificate including a public key of the first platform; and

encrypting the signed certificate request and the device certificate with a public key of a second platform targeted to receive the signed certificate request and the device certificate.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method for utilizing a pseudonym to protect the identity of a platform and its user is described. The method comprises producing a pseudonym that includes a public pseudonym key. The public pseudonym key is placed in a certificate template. Hash operations are performed on the certificate template to produce a certificate hash value, which is transformed from the platform. Thereafter, a signed result is returned to the platform. The signed result is a digital signature for the transformed certificate hash value. Upon performing an inverse transformation of the signed result, a digital signature of the certificate hash value is recovered. This digital signature may be used for data integrity checks for subsequent communications using the pseudonym.

225 Citations

21 Claims

1. A method comprising:
- producing a pseudonym including a public pseudonym key within a first platform;
  
  placing the public pseudonym key into a certificate template;
  
  performing a hash operation on the certificate template to produce a certificate hash value;
  
  performing a transformation on the certificate hash value to create a blinded certificate hash value, the performing of the transformation includes performing a logical operation on the certificate hash value using a pseudo-random number to produce a value differing from the certificate hash value, the pseudo-random number being a predetermined value raised to a pseudo-randomly selected power;
  
  creating a certificate request including the blinded certificate hash value;
  
  digitally signing the certification request with a private key of the first platform to produce a signed certification request;
  
  transferring the signed certificate request with a device certificate including a public key of the first platform; and
  
  encrypting the signed certificate request and the device certificate with a public key of a second platform targeted to receive the signed certificate request and the device certificate.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the producing of the pseudonym includes generating the public pseudonym key and a private pseudonym key corresponding to the public pseudonym key.
  - 3. The method of claim 1, wherein the placing of the public pseudonym key into the certificate template includes writing the public pseudonym key into a field of the certificate template.
  - 4. The method of claim 1, wherein an inverse of the pseudo-random number is a predetermined value raised to an inverse power designated by a pseudo-random value and the inverse of the pseudo-random number is used to recover a digital signature received in response to the certificate request.
  - 5. The method of claim 1 further comprisingrecovering by the second platform the public key of the first platform from the device certificate using a public key of a certification authority, the public key being used to recover and verify the device certificate.
  - 6. The method of claim 5 further comprising:
    - digitally signing the blinded certificate hash value to produce a signed result; and
      
      transferring the signed result back to the first platform.

7. A platform comprising:
- a transceiver; and
  
  a device in communication with the transceiver, the device including a persistent memory to contain a permanent key pair, at least one pseudonym being an alternative key pair generated internally within the device and used in lieu of the permanent key pair to establish secured communications via transmissions from the transceiver to a remote platform, the device comprising a processing unit to;
  
  write a public pseudonym key into a certificate template,perform a hash operation on the certificate template to produce a certificate hash value,perform a transformation on the certificate hash value to create a blinded certificate hash value, the transformation including a logical operation on the certificate hash value using a pseudo-random number to produce a value differing from the certificate hash value,create a certification request including the blinded certificate hash value,digitally sign the certification request with a private key of the platform to produce a signed certification request,append the signed certification request with a device certificate that includes at least a public key of the platform,encrypt the signed certification request and the device certificate with a public key of the remote platform.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The platform of claim 7, wherein the processing unit furthertransfers the encrypted signed certification request and the device certificate to the remote platform for recovery of the certification and verification of the device certificate, the remote platform producing a signed result if the certification request is recovered and the device certificate is verified.
  - 9. The platform of claim 8, wherein the processing unit of the device further performs an inverse transformation on the signed result to recover a digital signature of the certificate hash value.
  - 10. The platform of claim 9, wherein the processing unit further stores the digital signature with the at least one pseudonym in a subsequent communication with another platform to identify that the platform includes a trusted device.
  - 11. The platform of claim 8, wherein the processing unit of the device further divides the signed result by an inverse of the pseudo-random number to recover a digital signature of the certificate hash value.

12. A method comprising:
- producing a pseudonym within a first platform, the pseudonym representing a persistent identity of the first platform so long as a user chooses to retain the pseudonym;
  
  performing a hash operation on a certificate template including pseudonym to produce a certificate hash value;
  
  performing a transformation on a certificate hash value to create a blinded certificate hash value by multiplying the certificate hash value, being a hash value of information including the pseudonym, by a pseudo-random number generated within and maintained by the first platform, the pseudo-random number being a predetermined value raised to a pseudo-randomly selected power; and
  
  transmitting the pseudonym in an obfuscated format to a second platform;
  
  wherein the transmitting of the pseudonym comprises;
  
  creating a certificate request including the blinded certificate hash value,digitally signing the certification request with a private key of the first platform to produce a signed certification request,transferring the signed certificate request with a device certificate including a public key of the first platform, andencrypting the signed certificate request and the device certificate with a public key of a second platform targeted to receive the signed certificate request and the device certificate.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, wherein the private key of the first platform and the public key of the first platform are permanently stored and associated with the first platform.
  - 14. The method of claim 12, wherein the producing of the pseudonym includes generating the public pseudonym key and a private pseudonym key corresponding to the public pseudonym key.
  - 15. The method of claim 14, wherein prior to performing the hash operation, the method further comprises placing the public pseudonym key into the certificate template by writing the public pseudonym key into a field of the certificate template.
  - 16. The method of claim 12, wherein an inverse of the pseudo-random number is a predetermined value raised to an inverse power designated by the pseudo-random value and is used to recover a digital signature received in response to the certificate request.

17. A method comprising:
- producing a pseudonym within a first platform, the pseudonym representing a persistent identity of the first platform so long as a user chooses to retain the pseudonym;
  
  performing a hash operation on a certificate template including pseudonym to produce a certificate hash value;
  
  performing a transformation on a certificate hash value to create a blinded certificate hash value by multiplying the certificate hash value, being a hash value of information including the pseudonym, by a pseudo-random number generated within and maintained by the first platform, the pseudo-random number being a predetermined value raised to a power;
  
  creating a certificate request including the blinded certificate hash value;
  
  digitally signing the certification request with a private key of the first platform to produce a signed certification request;
  
  transferring the signed certificate request with a device certificate including a public key of the first platform; and
  
  encrypting the signed certificate request and the device certificate with a public key of a second platform targeted to receive the signed certificate request and the device certificate.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The method of claim 17, wherein the private key of the first platform and the public key of the first platform are permanently stored and associated with the first platform.
  - 19. The method of claim 17, wherein the producing of the pseudonym comprises generating the public pseudonym key and a private pseudonym key corresponding to the public pseudonym key.
  - 20. The method of claim 17, further comprising placing the public pseudonym key into the certificate template by writing the public pseudonym key into a field of the certificate template.
  - 21. The method of claim 17, wherein an inverse of the pseudo-random number is a predetermined value raised to an inverse power designated by the pseudo-random value and is used to recover a digital signature received in response to the certificate request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Ellison, Carl M., Sutton, James A.
Primary Examiner(s)
Nalven; Andrew L
Assistant Examiner(s)
POLTORAK, PIOTR

Application Number

US11/289,747
Publication Number

US 20060080528A1
Time in Patent Office

1,225 Days
Field of Search

713/156, 713/180
US Class Current

713/180
CPC Class Codes

H04L 2209/42   Anonymization, e.g. involvi...

H04L 9/3265   using certificate chains, t...

H04L 9/3271   using challenge-response

Platform and method for establishing provable identities while maintaining privacy

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

225 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Platform and method for establishing provable identities while maintaining privacy

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

225 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links